From: Adriaan de Jong <dejong@fox-it.com>
Date: Tue, 5 Jul 2011 08:05:32 +0000 (+0200)
Subject: Added warning that --capath is not available with PolarSSL
X-Git-Tag: v2.3-alpha1~98
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d26c253e8f62d67b51d50f82c333ed4412000ac;p=thirdparty%2Fopenvpn.git

Added warning that --capath is not available with PolarSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
---

diff --git a/openvpn.8 b/openvpn.8
index 8e8ea8f92..4e3b87b27 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -3952,6 +3952,7 @@ they are distributed with OpenVPN, they are totally insecure.
 .B \-\-capath dir
 Directory containing trusted certificates (CAs and CRLs).
 Available with OpenSSL version >= 0.9.7 dev.
+Not available with PolarSSL.
 .\"*********************************************************
 .TP
 .B \-\-dh file
diff --git a/options.c b/options.c
index 68c2a698f..635cef22b 100644
--- a/options.c
+++ b/options.c
@@ -2281,6 +2281,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 #ifdef USE_POLARSSL
 	  if (!(options->ca_file))
 	    msg(M_USAGE, "You must define CA file (--ca)");
+          if (options->ca_path)
+            msg(M_USAGE, "Parameter --capath cannot be used with the PolarSSL version version of OpenVPN.");
 #else
 	  if ((!(options->ca_file)) && (!(options->ca_path)))
 	    msg(M_USAGE, "You must define CA file (--ca) or CA path (--capath)");